The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
History

Mon, 09 Dec 2024 17:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}


Mon, 09 Dec 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Freebsd
Freebsd freebsd
CPEs cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*
Vendors & Products Freebsd
Freebsd freebsd
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 29 Aug 2024 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2024-02-15T04:52:09.645Z

Updated: 2024-08-29T18:48:40.014Z

Reserved: 2022-01-10T22:07:46.040Z

Link: CVE-2022-23084

cve-icon Vulnrichment

Updated: 2024-08-03T03:28:43.503Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-15T05:15:08.833

Modified: 2024-12-09T17:27:41.437

Link: CVE-2022-23084

cve-icon Redhat

No data.